Related Appeals and Interferences

There are no related appeals or interferences that will directly affect, be directly
affected by or have a bearing on the present appeal.



Status of Claims 



Claims 1 to 11, 13 to 30, 33 and 35 to 42 are presently pending in this application.

Claims 12, 31, 32 and 34 are cancelled.

Claims 13 to 30 and 38 to 42 stand rejected under 35 U.S.C. 102(b) as being
anticipated by Ford et al. (U.S. Patent 5,481,613). Claims 1 to 11, 33 and 35 to 37 stand
rejected under 35 U.S.C. 103(a) as being unpatentable over Ford.

The present appeal is directed to claims 1 to 11, 13 to 30, 33 and 35 to 42.



Status of Amendments 



The Appellant filed an amendment to claim 31 in reply to the Final Office Action
on May 11, 2006. In an Advisory Action of June 7, 2007, it was stated this amendment
would not be entered.

Applicant filed an amendment after-final to cancel claims 31 and 32 on May 4,
2007 in response to the Notice of Non-compliant Appeal Brief issued April 18, 2007.
This amendment was entered by the Examiner as indicated in the Advisory Action dated
May 15, 2007.

Summary of Claimed Subject Matter 
The invention is embodied in the five appealed independent claims, namely
claims 1, 13, 29, 30, 33 and 38.

Claim 1 is directed to a method for a decryptor 12 to obtain a decryption key from
a key release agent 14. The decryptor obtains an encryption block 56, generates a key
release request 64 and outputs the key release request 64 to the key release agent 14. The
encryption block 12 comprises a data ciphertext 44 requiring a decryption key to decrypt,
key related information (page 18 lines 8 to 13) associated with a first {public key, private
key} pair, and a key ciphertext consisting of the decryption key encrypted by the first
public key. The encryption block 12 does not include an ACD (access controlled
decryption) block. The key release request 64 contains the key ciphertext and the key
related information. The key release request 64 is for use by the key release agent 14 to
locate decryptor authorization logic (page 15 lines 2 to 3) stored externally to the key
release request. The logic is to be applied in determining whether or not to release the
decryption key. If the decryption key is to be released, the decryptor receives a key release
response 66 specifying the decryption key. (See also page 7 line 24 to page 8 line 9 and
page 13 line 6 to page 14 line 7).



Claim 13 is directed to a key release method. A key ciphertext and key related
information are received from decryptor 12. The key related information is in respect of
a key used to encrypt the key ciphertext. Decryptor authorization logic (page 15 lines 2
to 3) stored externally to the decryptor is located with use of the key related information.
Decryptor information (page 18 lines 15 to 23) with respect to the decryptor is located.
Whether decryption of the key ciphertext is to be permitted is decided. The decision is
based on the decryptor information and the decryptor information logic. (See page 5
lines 9 to 16; page 16 line 23 to page 18 line ^).

Claim 29 is directed to a method of controlling access to a decryption key. A key
release request 64 is received from a decryptor 12. The request comprises decryptor
information (page 18 lines 15 to 23) and the decryption key encrypted using a public key.
Decryption authorization logic (page 15 lines 2 to 3) stored externally to the request is
located with the use of the public key. The logic is applied to the decryption information
to determine whether the decryptor should be permitted access to the decryption key. If
the decryptor is to be permitted access, a key release response 66 specifying the
decryption key is sent. (See page 6, lines 25 to page 7 line 19; page 14 lines 8 to 18).



Claim 30 is directed to a method of controlling access to a decryption key. The
method comprises a first step of maintaining a private key repository. The private key
repository 82 comprises a plurality of access identifiers, and for each access identifier at
least one key related information of a respective {public key, private key} pair 92. The
repository also contains the private key for each {public key, private key} pair. (See
Figures 4 and 5 and page 14 lines 8 to 23) Next the method comprises receiving a key
release request 64 containing a decryption key encrypted using a public key of a {public
key, private key} pair and containing a key related information associated with the
{public key, private key} pair. (For example Steps 7-1 and 7-2 of Figure 7, page 16,
lines 24 to 28) The method also comprises maintaining a repository 84 residing externally
to the key release request associating each access identifier with respective decryptor
authorization logic (page 15 lines 2 to 3) that can be applied to a decryptor information
(page 18 lines 15 to 23). (See Figure 6 and Page 15, lines 5 to 25) The decryptor
information is obtained and for each access identifier in association with which the key
related information is stored, the respective decryptor authorization logic is applied to the
decryptor information specified in the key release request. (Step 7-7, page 17 lines 10 to
1) In the event the decryptor information satisfies at least one of the respective decryptor
authorization logics, the ciphertext is decrypted to recover the decryption key and a key
release response 66 is sent specifying the decryption key. (Step 7-13, page 17 lines 23 to
26)

Claim 33 is directed to a decryptor 12 comprising means for obtaining an
encryption block 56, means for generating a key release request 64 and outputting the
request to a key release agent 14, means for making decryptor information (page 18 lines
15 to 23) available to the key release agent, and means for receiving a key release
response 66. The encryption block comprises
key to decrypt, key related information (page
{public key, private key} pair and a key ciphertext consisting of the decryption key
encrypted by the first public key. The encryption block does not include an ACD. The
key release request contains the key ciphertext and the key related information. The
decryptor information is for use by the key release agent to locate decryptor authorization
logic (page 15 lines 2 to 3) stored externally to the key release request. The logic is to be
applied in determining whether or not to release the decryption key. (See page 7 lines 20
to 23 and page 12 lines 28 to page 13 line 15).



Claim 38 is directed to a key release agent 14 comprising means for receiving
from a decryptor 12 a key ciphertext and key related information (page 18 lines 8 to 13)
in respect of a key used to encrypt the key ciphertext, means for locating decryptor
information (page 18 lines 15 to 23) stored externally to the decryptor with use of the key
related information, means for locating decryptor information in respect of the decryptor,
and means for deciding based on decryptor information and the decryptor authorization
logic (page 15 lines 2 to 3) whether decryption of the ciphertext is to be permitted. (Page
14 line 8 to 18; page 15 lines 21 to 25).
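
The key release flow summarized above for claim 30, as an added example that is not part of the original brief or of the patent application: the agent finds the access identifiers under which the request's key related information is stored, applies the rules it holds for each identifier to the decryptor information, and unwraps the key ciphertext only if one rule set is satisfied. The class and function names, the sample access identifiers and rules, the "every rule in a set must hold" and "no rules means refuse" choices, and the toy textbook RSA standing in for a real key-wrapping scheme are all assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Toy textbook RSA over two Mersenne primes, standing in for a real
# key-wrapping scheme so the sketch runs on the standard library. Not secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; needs Python 3.8+

Rule = Callable[[dict], bool]


def wrap_key(decryption_key: int) -> int:
    """Encryptor side: key ciphertext = decryption key under the public key."""
    return pow(decryption_key, E, N)


@dataclass
class KeyReleaseRequest:
    key_ciphertext: int
    key_related_info: str  # here a key pair identifier (hypothetical format)
    decryptor_info: dict   # assumed to be authenticated before it gets here


class KeyReleaseAgent:
    def __init__(self) -> None:
        # Private key repository: access identifier -> {key pair id: private exponent}
        self.private_keys: Dict[str, Dict[str, int]] = {}
        # Rule repository held by the agent and never read from the request:
        # access identifier -> decryptor authorization logic (a list of rules)
        self.rules: Dict[str, List[Rule]] = {}

    def add_key(self, access_id: str, key_pair_id: str, private_exp: int) -> None:
        self.private_keys.setdefault(access_id, {})[key_pair_id] = private_exp

    def set_rules(self, access_id: str, rules: List[Rule]) -> None:
        self.rules[access_id] = list(rules)

    def release(self, req: KeyReleaseRequest) -> Optional[int]:
        """Return the decryption key, or None when release is refused."""
        for access_id, keys in self.private_keys.items():
            private_exp = keys.get(req.key_related_info)
            if private_exp is None:
                continue  # this access identifier does not hold the key pair
            rules = self.rules.get(access_id, [])
            # Fail closed: an access identifier with no rules releases nothing.
            if rules and all(rule(req.decryptor_info) for rule in rules):
                return pow(req.key_ciphertext, private_exp, N)
        return None


def build_agent() -> KeyReleaseAgent:
    """Constructed sample repositories (identifiers and rules are made up)."""
    agent = KeyReleaseAgent()
    agent.add_key("audit-team", "kp-01", D)
    agent.set_rules("audit-team", [
        lambda info: info.get("role") == "auditor",
        lambda info: info.get("clearance", 0) >= 2,
    ])
    agent.add_key("unconfigured", "kp-02", D)  # key stored, no rules defined
    return agent


SAMPLE_KEY = 0x00112233445566778899AABBCCDDEEFF  # constructed 128-bit key

if __name__ == "__main__":
    agent = build_agent()
    ciphertext = wrap_key(SAMPLE_KEY)
    attempts = [
        ("kp-01", {"role": "auditor", "clearance": 3}),
        ("kp-01", {"role": "intern", "clearance": 3}),
        ("kp-02", {"role": "auditor", "clearance": 3}),
        ("kp-99", {"role": "auditor", "clearance": 3}),
    ]
    for key_pair_id, info in attempts:
        released = agent.release(KeyReleaseRequest(ciphertext, key_pair_id, info))
        print(key_pair_id, info, "->", "released" if released == SAMPLE_KEY else "refused")
```

Because the rules live in the agent's repository rather than in the request, changing who may decrypt does not require re-issuing the encryption block.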



Grounds of Rejection to be Reviewed on Appeal 



Claims 13 to 30 and 38 to 42 are rejected under 35 U.S.C. 102(b) as being
anticipated by Ford et al. (U.S. Patent 5,481,613) (hereinafter "Ford").

Claims 1 to 11, 33 and 35 to 37 are rejected under 35 U.S.C. 103 as being
unpatentable over Ford.

Argument 

35 U.S.C. 102(b) 

1. Independent Method Claim 13

It is respectfully submitted that the Examiner's rejection of claim 13 is erroneous,
for the following reasons.

The Examiner alleges that the feature of "locating decryptor authorization logic
stored externally to the decryptor with use of the key related information" is disclosed in
Ford in Figure 2 and at column 6, lines 13 to 17 and 53 to 55 and that the feature of
"obtaining decryptor information in respect of the decryptor" is disclosed in Ford at
column 6, lines 56-66. The referenced passages of Ford refer to obtaining "decryptor
privilege attribute information" and provide examples of what that information can
include. These include: authenticated identity, group membership, role membership, and
clearance information. The Examiner has inferred that the decryptor privilege attribute
information of Ford is analogous to both the decryptor authorization logic and the
decryptor information recited in claim 13. Lines 55-66 simply provide examples of the
decryption privilege attribute information disclosed on lines 50-55. Therefore, both
passages are referring to the same thing. With all due respect, this interpretation of the
claims and prior art results in the illogical result of the decryptor authorization logic and
the decryptor information having the same meaning. This is clearly an error.

The terms "logic" and "information" have been used by the Applicant throughout
the claims and description in different contexts and it is clear that these terms are
intended to have different meanings. For example, the limitation of "deciding based on
the decryptor information and the decryptor authorization logic ..." in claim 13 would be
nonsensical if these two terms did not have different meanings. In any event, the
ordinary meaning of these terms, as understood by a person skilled in the art, are clearly
different. Information does not have any functionality, whereas logic can be applied to
information or data to achieve a result.



As explained on page 13 of our response of December 13, 2005, the decryptor
privilege attribute information is clearly not "decryptor logic". The following passage
from Ford referred to on that page of the response, makes it clear that the decryptor
attribute information is simply data that is used as the basis for a comparison:

"This decryptor privilege attribute information may be just the decryptor's
authenticated identity, which may be obtained in one embodiment through the key
release transaction request using a suitable authentication mechanism. In another
embodiment, more extensive decryptor privilege attribute information, e.g.,
group-membership, role-membership or clearance information may be supplied
by the decryptor in a certified form, e.g., a privilege attribute certificate signed by
a trusted third party, or, in a yet further embodiment, the KRA may obtain
decryptor privilege attributes from a supporting database as shown by a dotted
line in FIG. 2."



It is clearly wrong to interpret "decryptor privilege attribute information" to be
analogous to "logic" that can be applied to data, as the Examiner has done in the
Advisory Action. On page 15 of the description of the present invention, in describing a
specific embodiment, it is stated on lines 1-4 that: "Each access identifier is associated
with a set of rules (more generally, is associated with respective decryptor authorization
logic)". Clearly, a set of rules is an example of logic. However, the "decryptor privilege
attribute information", as used in the context of Ford could not be used to describe a set
of rules.

Therefore, the essential feature of "locating decryptor authorisation logic stored
externally to the decryptor" in claim 13 is not disclosed by the prior art and thus the test
for anticipation has not been met. It is thus respectfully submitted that claim 13 is in
compliance with 35 U.S.C. 102(b).



2. Dependent Claim 14

Claim 14 depends from claim 13 and defines the additional limitation of the
decryptor information being received from the decryptor together with the key ciphertext
and key related information.

Claim 14 includes the inventive features of claim 13 and therefore, it is
respectfully submitted that claim 14 is novel over Ford for at least the reasons given with
respect to claim 13.

Furthermore, it is submitted that the additional limitation recited in claim 14 is not
disclosed in the cited passage of Ford, i.e. Figure 2, step 34, column 6, line 40 to column
7, line 49. The cited passage does not disclose obtaining the decryptor information from
the decryptor nor receiving it together with key ciphertext and key related information.
At lines 42 to 43 of column 6, Ford states that: "The KRA will also obtain decryptor
privilege information". This leads the reader to understand that the decryptor privilege
information is obtained in addition to the other information but not at the same time or
from the same place. In fact, in the specific embodiment shown in Figure 2, the
decryptor privilege information is obtained from a supporting database.

Therefore, it is respectfully submitted that claim 14 is in compliance with 35
U.S.C. 102(b).

3. Dependent Claim 15

Claim 15 depends from claim 13 and defines the additional limitation of receiving
the decryptor information while establishing a secure connection with the decryptor.

Claim 15 includes the inventive features of claim 13 and therefore, it is 
respectfully submitted that claim 15 is novel over Ford for at least the reasons given with 
respect to claim 13. 

In addition, it is submitted that the additional limitations recited in claim 15 are
not disclosed in the cited passage of Ford, i.e. Figure 2, step 34, column 6, line 40 to
column 7, line 49. As stated with respect to claim 14, the cited passage of Ford does not
disclose obtaining the decryptor information from the decryptor. Furthermore, there is no
disclosure in the cited passage of establishing a secure connection with the decryptor
while obtaining the decryptor information.

Therefore, it is respectfully submitted that claim 15 is in compliance with 35
U.S.C. 102(b).

4. Dependent Claim 16 



Claim 16 depends from claim 13 and defines the additional limitations of
receiving from the decryptor a decryptor identifier and using the decryptor identifier to
lookup decryptor attributes from a public repository, the decryptor identifier and decryptor
attributes together constituting the decryptor information.

Claim 16 includes the inventive features of claim 13 and therefore, it is
respectfully submitted that claim 16 is novel over Ford for at least the reasons given with
respect to claim 13.

In addition, it is submitted that the additional limitations recited in claim 16 are
not disclosed in the cited passage of Ford, i.e. Figure 2, step 34, column 6, line 40 to
column 7, line 49. As stated with respect to claim 14, the cited passage of Ford does not
disclose obtaining the decryptor information from the decryptor. As well, the cited
passage of Ford does not disclose using a decryptor identifier to lookup decryptor
attributes. What is disclosed in column 6, lines 42 to 65 of Ford is that decryptor
privilege attribute information can include the decryptor's authentication identity and that
the attributes may be obtained from a supporting database. The use of an identifier to
lookup other attributes is not disclosed.

Therefore, it is submitted that claim 16 is in compliance with 35 U.S.C. 102(b).

5. Dependent Claim 19

Claim 19 depends from Claim 17 and defines the additional limitation of
receiving the certificate together with the key ciphertext and key related information.

Claim 19 includes the inventive features of claim 13 and therefore, it is
respectfully submitted that claim 19 is novel over Ford for at least the reasons given with
respect to claim 13.

Furthermore, it is submitted that the additional limitations recited in claim 19 are
not disclosed in the cited portions of Ford. At lines 42 to 43 of column 6, Ford states
that: "The KRA will also obtain decryptor privilege information". This leads the reader
to understand that the information, which could include a certificate, is obtained in
addition to the other information but not together with it.

Therefore, it is respectfully submitted that claim 19 is in compliance with 35
U.S.C. 102(b).

6. Dependent Claims 25, 26 and 27



Claim 25 depends from claim 13 and defines the further limitations of receiving a 
plurality of key ciphertexts and respective key related information from the decryptor and 
determining whether at least one private key required to decrypt a respective at least one 
key ciphertext of the plurality of key ciphertexts is available; using the respective key 
related information to locate respective decryptor authorization logic stored externally to 
the decryptor; and upon determining such at least one private key is available, deciding 
based on the decryptor information and the respective decryptor authorization logic 
whether decryption of at least one of the plurality of key ciphertexts is permitted. 

Claim 25 includes the inventive features of claim 13 and therefore, it is
respectfully submitted that claim 25 is novel over Ford for at least the reasons given with

Furthermore, it is submitted that the cited passages of Ford do not disclose the
additional limitations of claim 25. In particular, column 6 lines 24 to 40 do not discuss
the availability of the private key. Because Ford does not disclose decryptor
authorization "logic", as discussed with reference to claim 13, it also does not disclose
using key related information to locate the logic nor does it disclose deciding based on
the logic in combination with decryptor information whether decryption is permitted.

Claims 26 and 27 depend from claim 15 and include the inventive features of
claim 25 and therefore are novel over Ford for at least the reasons given with respect to
claim 25.

Therefore, it is respectfully submitted that claims 25 to 27 are in compliance with
35 U.S.C. 102(b).

7. Dependent Claim 28 



Claim 28 depends from claim 13 and defines the further limitation that deciding
based on decryptor information of the decryptor and the decryptor authorization logic
whether decryption of the key ciphertext is to be permitted comprises applying at least
one rule of the decryptor authorization logic associated with the public key used to
encrypt the decryption key to the decryptor information to determine whether the
decryptor should be permitted access to the decryption key.

Claim 28 includes the inventive features of claim 13 and therefore, it is
respectfully submitted that claim 28 is novel over Ford for at least the reasons given with
respect to claim 13. Furthermore, making a decision based on logic that is not disclosed
is necessarily also not disclosed.

Therefore, it is respectfully submitted that claim 28 is in compliance with 35
U.S.C. 102(b).



8. Dependent Claims 17, 18 and 20 to 24

Dependent Claims 17, 18, and 20 to 24 depend either directly or indirectly from
claim 13 and thus include the inventive features of claim 13. Therefore, it is respectfully
submitted that claims 17, 18, and 20 to 24 are novel over Ford for at least the reasons
given with respect to claim 13 and thus are in compliance with 35 U.S.C. 102(b).

9. Independent Claim 29

Independent claim 29 also contains the limitation of "locating decryptor
authorization logic stored externally to the decryptor". As explained with respect to
independent claim 13, this feature is not disclosed in Ford.



Furthermore, claim 29 recites "applying the decryptor authorization logic to
encrypt the decryption key to the decryptor information to determine whether the
decryptor should be permitted access to the decryption key". The passage of Ford cited
by the Examiner as disclosing this feature, namely Figure 2 and column 7, lines 35 to 49,
actually discloses the application of Access Control Attributes (ACA) with the decryptor
privilege attributes. The ACA is included in the ACD block with the key-release request
- not stored externally. Ford does not disclose applying logic retrieved from an external
storage. Therefore, Ford does not disclose all of the essential features of this claim and
the test for anticipation has not been met.

Thus, it is respectfully submitted that claim 29 is in compliance with 35 U.S.C.
102(b).

10. Independent Claim 30 

Independent claim 30 contains the limitation
externally to the key release request associating
decryptor authorization logic that can be applied to a decryptor information ... applying
the decryptor authorization logic". As explained above, Ford discloses neither decryptor
authorisation logic located externally to the decryptor nor its application to information
and therefore, Ford does not disclose all the limitations of claim 30.

Thus, it is respectfully submitted that claim 30 is in compliance with 35 U.S.C.
102(b).



11. Independent Claim 38

With respect to independent claim 38, it recites "means for locating decryptor
authorisation logic stored externally to the decryptor" and "means for deciding based on
decryptor information of the decryptor and the decryptor authorization logic". These are
means for implementing the method steps of claim 13 and therefore the claim is novel
over Ford for at least the same reasons given with respect to that claim. Specifically, Ford
does not disclose "decryptor authorization logic stored externally to the decryptor".

Thus, it is respectfully submitted that claim 38 is in compliance with 35 U.S.C.
102(b).



12. Dependent Claim 39

Claim 39 depends from claim 38 and defines the further limitation that the key
release agent is adapted to receive the decryptor information with the key ciphertext and
key related information.

Claim 39 includes the inventive features of claim 38 and therefore, it is
respectfully submitted that claim 39 is novel over Ford for at least the reasons given with
respect to claim 38.

Furthermore, it is submitted that the additional limitation recited in claim 39 is not
disclosed in the cited passage of Ford, i.e. Figure 2, and column 6, lines 24 to 40. The
cited passage does not disclose obtaining the decryptor information from the decryptor
nor receiving it together with key ciphertext and key related information.

Therefore, it is respectfully submitted that claim 39 is in compliance with 35
U.S.C. 102(b).

13. Dependent Claim 40

Claim 40 depends from claim 38 and defines the further limitation of the key
release agent being adapted to use a decryptor identifier to lookup decryptor attributes
from a repository, the decryptor identifier and the decryptor attributes together
constituting the decryptor information.

Claim 40 includes the inventive features of claim 38 and therefore, it is
respectfully submitted that claim 40 is novel over Ford for at least the reasons given with
respect to claim 38.



In addition, it is submitted that the additional limitations recited in claim 40 are
not disclosed in the cited passage of Ford, i.e. column 6, lines 42 to 65. The cited passage
of Ford does not disclose obtaining the decryptor information from the decryptor. As
well, the cited passage of Ford does not disclose using a decryptor identifier to lookup
decryptor attributes. What is disclosed in column 6, lines 42 to 65 of Ford is that
decryptor privilege attribute information can include the decryptor's authentication
identity and that the attributes may be obtained from a supporting database. The use of
an identifier to lookup other attributes is not disclosed.

Therefore, it is submitted that claim 40 is in compliance with 35 U.S.C. 102(b).

14. Dependent Claim 41 



Claim 41 includes the inventive features of claim 38 and therefore, it is
respectfully submitted that claim 41 is novel over Ford for at least the reasons given with
respect to claim 38 and in compliance with 35 U.S.C. 102(b).



15. Dependent Claim 42

Claim 42 depends from claim 38 and defines the further limitation of a means for
applying decryptor authorization logic associated with each public key used to encrypt
the decryption key to the decryptor information for determining whether the decryptor
should be permitted access to the decryption key.

Claim 42 includes the inventive features of claim 38 and therefore, it is
respectfully submitted that claim 42 is novel over Ford for at least the reasons given with
respect to claim 38. Furthermore, applying logic that is not disclosed is necessarily also
not disclosed.

Therefore, it is respectfully submitted that claim 42 is in compliance with 35
U.S.C. 102(b).

35 U.S.C. 103 

16. Independent Claim 1 



Claim 1 also includes the feature of decryptor authorization logic stored external
to the decryptor and therefore a prima facie case for obviousness has not been met
because all of the claim limitations have not been disclosed in the cited prior art.

In particular, Claim 1 recites "the decrypt-
for use by the key release agent to locate decrypt* 
to the key release that is to be applied". Once aga; 
Examiner disclose attribute information and 



not 

RECEIVED CENTRAL FAX CENTER MAY 18 2007

17. Dependent Claims 2, 3, 4, 6, 7, 8, 9, 10, 11

Claims 2 to 4 and 6 to 11 include all of the inventive features of claim 1
and therefore are inventive over Ford for at least the reasons given with respect to claim
1. Therefore, it is respectfully submitted that claims 2 to 4 and 6 to 11 are in compliance
with 35 U.S.C. 103.

18. Dependent Claim 5

Claim 5 depends from claim 2 and defines the further limitation that the decryptor
making the decryptor information available to the key release agent comprises the
decryptor providing the decryptor information to the key release agent while establishing
a secure connection with the key release agent.

Claim 5 includes all of the inventive features of claim 1 and therefore is inventive
over Ford for at least the reasons given with respect to claim 1. Furthermore, as
submitted with reference to claim 15, the additional features claimed in claim 5 are not
disclosed in Ford. Therefore, a prima facie case for obviousness has not been met and it
is submitted that claim 5 is in compliance with 35 U.S.C. 103.



19. Independent claim 33 



Claim 33 also includes the feature of decryptor authorization logic stored external 
to the decryptor and therefore a prima facie case for obviousness has not been met 
because all of the claim limitations have not been disclosed in the cited prior art. 
Therefore, for at least the reasons given with respect to claim 1, it is respectfully 
submitted that claim 33 is in compliance with 35 U.S.C. 103. 

20. Dependent Claims 35 to 37 



Claims 35 to 37 include all of the inventive features of claim 33 and therefore are
inventive over Ford for at least the reasons given with respect to claim 33. Thus, it is
respectfully submitted that claims 35 to 37 are in compliance with 35 U.S.C. 103.

21. Dependent Claims 31 and 32

Claims 31 and 32 have been cancelled rendering the objection to these claims
moot.

For the foregoing reasons, it is submitted that the Examiner's rejections are
erroneous, and reversal of his decision is respectfully requested.



Respectfully submitted, 



GLENN LANGFORD 




Reg. No. 45,405 

Tel.: (613)232-2486, Ext. 271 



Smart & Biggar
P.O. Box 2999, Station D
900-55 Metcalfe Street
Ottawa, Ontario K1P 5Y6

Date: May 18, 2007



RAB:CTslG:KLM:MS$:mroc:mCg 

Claims Appendix:

1. (Previously presented) A method for a decryptor to obtain a decryption key from a key
release agent comprising:

a decryptor obtaining an encryption block comprising a data ciphertext
requiring a decryption key to decrypt, the encryption block further comprising key related
information associated with a first {public key, private key} pair, the encryption block
further comprising a key ciphertext consisting of the decryption key encrypted by the first
public key of the first {public key, private key} pair, the encryption block not including
an ACD (access controlled decryption) block;

the decryptor generating a key release request containing the key
ciphertext, and the key related information and outputting the key release request to the
key release agent, the key release request for use by the key release agent to locate
decryptor authorization logic stored externally to the key release request that is to be
applied in determining whether or not to release the decryption key;

in the event the decryption key is to be released, the decryptor receiving a
key release response specifying the decryption key.

2. (Previously presented) A method according to claim 1 further comprising:

the decryptor making decryptor information available to the key release
agent, the decryptor information for use by the key release agent in determining decryptor
attributes, the decryptor attributes for further use in determining whether or not to release
the decryption key.

3. (Original) A method according to claim 1 further comprising the decryptor using the
decryption key to decrypt the data ciphertext.



4. (Original) A method according to claim 1 
information available to the key release agent 
information in the key release request. 

5. (Previously presented) A method according to claim 2 wherein the decryptor making
the decryptor information available to the key release agent comprises the decryptor
providing the decryptor information to the key release agent while establishing a secure
connection with the key release agent.

6. (Previously presented) A method according to claim 2 wherein the decryptor making
the decryptor information available to the key release agent comprises providing a
decryptor identifier which may be used to look up decryptor attributes stored in a
repository external to the key release request.



7. (Original) A method according to claim 1 wherein the key related information 
comprises a key pair identifier. 

8. (Original) A method according to claim 1 further comprising 

before generating the key release request, the deciyptor determining if the 
private key of the first {public key, private key} pair is available at the decryptor; 

upon determining the private key of the first {public key, private key} pair 
is not available at the decryptor generating the key release request. 

9. (Original) A method according to claim 1 further comprising:

decrypting at least a portion of the key release response containing an
encrypted version of the decryption key using a private key of a second {public key,
private key} pair to recover the decryption key.



10. (Previously presented) A method according to claim 1 wherein the encryption block 
comprises a plurality of key related information associated with a respective plurality of 
first {public key, private key} pairs, and a respective plurality of key ciphertexts each 
consisting of the decryption key encrypted by the public key of a respective one of the 
plurality of first {public key, private key} pairs associated with the plurality of key 
related information, the method comprising: 

generating the key release request containing the plurality of key 
ciphertexts, and the associated plurality of key related information. 



11. (Original) A method according to claim 10 further comprising: 

before generating the key release request, determining if at least one 
private key of the plurality of first {public key, private key} pairs is available at the 
decryptor; 

upon determining none of the private keys of the plurality of first {public 
key, private key} pairs is available at the decryptor generating the key release request. 

12. (Cancelled) 

13. (Previously presented) A key release method comprising 

receiving a key ciphertext and key related information in respect of a key 
used to encrypt the key ciphertext from a decryptor; 

locating decryptor authorization logic stored externally to the decryptor 
with use of the key related information; 

obtaining decryptor information in respect of the decryptor; 

deciding based on the decryptor information and the decryptor 
authorization logic whether decryption of the key ciphertext is to be permitted. 



14. (Original) A method according to claim 13 wherein the decryptor information is 
received from the decryptor together with the key ciphertext and key related information. 



15. (Original) A method according to claim 13 wherein obtaining decryptor information 
comprises receiving the decryptor information while establishing a secure connection 
with the decryptor. 



16. (Original) A method according to claim 13 wherein obtaining decryptor information 
comprises: 

receiving from the decryptor a decryptor identifier; 

using the decryptor identifier to lookup decryptor attributes from a public 
repository, the decryptor identifier and decryptor attributes together constituting the 
decryptor information. 

17. (Original) A method according to claim 13 further comprising: 

using information in a certificate as the decryptor information. 

18. (Original) A method according to claim 17 further comprising: 

obtaining the certificate from a certificate repository. 

19. (Original) A method according to claim 17 further comprising receiving the 
certificate together with the key ciphertext and key related information. 



20. (Original) A method according to claim 13 wherein the decryptor information is an 
identity or role of the decryptor, an alias, or a claim of access rights or privilege, or some 
other attribute of the decryptor of a corresponding decrypting device or platform. 

21. (Original) A method according to claim 13 wherein the key related information 
comprises a key pair identifier. 

22. (Original) A method according to claim 13 further comprising: 

decrypting the key ciphertext, re-encrypting the key using a public key of 
a {public key, private key} pair to produce a re-encrypted key, the private key of which is 
available to the decryptor, and sending the re-encrypted key to the decryptor. 

23. (Original) A method according to claim 13 further comprising: 

decrypting the key ciphertext to obtain a decryption key; 
sending the decryption key to the decryptor over a secure channel. 

24. (Original) A method according to claim 13 further comprising: 

decrypting the key ciphertext to obtain a decryption key; 
using a symmetric key available to the decryptor, encrypting the 
decryption key with the symmetric key to produce an encrypted decryption key, and 
sending the encrypted decryption key to the decryptor. 

25. (Previously presented) A method according to claim 13 further comprising: 

receiving a plurality of key ciphertexts and respective key related 
information from the decryptor and determining whether at least one private key required 
to decrypt a respective at least one key ciphertext of the plurality of key ciphertexts is 
available; 

using the respective key related information to locate respective decryptor 
authorization logic stored externally to the decryptor; and 



upon determining such at least one private key is available, deciding based 
on the decryptor information and the respective decryptor authorization logic whether 
decryption of at least one of the plurality of key ciphertexts is to be permitted. 



26. (Original) A method according to claim 25 further comprising: 

decrypting one of the key ciphertexts using a corresponding private key to 
recover a decryption key. 

27. (Previously presented) A method according to claim 25 wherein deciding based on 
decryptor information of the decryptor and the respective decryptor authorization logic 
whether decryption of at least one of the key ciphertexts is to be permitted comprises 
applying the respective decryptor authorization logic associated with each public key 
used to encrypt the decryption key to the decryptor information to determine whether the 
decryptor should be permitted access to the decryption key. 



28. (Previously presented) A method according to claim 13 wherein deciding based on 
decryptor information of the decryptor and the decryptor authorization logic whether 
decryption of the key ciphertext is to be permitted comprises applying at least one rule of 
the decryptor authorization logic associated with the public key used to encrypt the 
decryption key to the decryptor information to determine whether the decryptor should be 
permitted access to the decryption key. 



29. (Previously presented) A method of controlling access to a decryption key 
comprising: 

receiving from a decryptor a key release request comprising decryptor 
information and the decryption key encrypted using a public key; 

locating decryption authorization logic stored externally to the key release 
request with use of the public key; 

applying the decryption authorization logic to the decryptor information to 
determine whether the decryptor should be permitted access to the decryption key; 

upon determining the decryptor should be permitted access to the 
decryption key, sending a key release response specifying the decryption key. 



30. (Previously presented) A method of controlling access to decryption keys 
comprising: 

maintaining a private key repository comprising a plurality of access 
identifiers, and for each access identifier at least one key related information of a 
respective {public key, private key} pair, the repository also containing the private key of 
each {public key, private key} pair; 

receiving a key release request containing a decryption key encrypted 
using a public key of a {public key, private key} pair and containing a key related 
information associated with the {public key, private key} pair; 



maintaining a repository residing externally to the key release request 
associating each access identifier with respective decryptor authorization logic that can 
be applied to a decryptor information; 

obtaining decryptor information; 

for each access identifier in association with which the key related 
information is stored, applying the respective decryptor authorization logic to the 
decryptor information specified in the key release request; 

in the event the decryptor information satisfies at least one of the 
respective decryptor authorization logics, decrypting the ciphertext to recover the 
decryption key, and sending a key release response to the decryptor specifying the 
decryption key. 

31. (Cancelled) 

32. (Cancelled) 

33. (Previously presented) A decryptor comprising: 

means for obtaining an encryption block comprising a data ciphertext 
requiring a decryption key to decrypt, the encryption block further comprising key related 
information associated with a first {public key, private key} pair, the encryption block 
further comprising a key ciphertext consisting of the decryption key encrypted by the first 
public key of the first {public key, private key} pair, the encryption block not including 
an ACD (access controlled decryption) block; 

means for generating a key release request containing the key ciphertext, 
and the key related information and outputting the key release request to the key release 
agent; 

means for making decryptor information available to the key release 
agent, the decryptor information for use by the key release agent to obtain decryptor 
authorization logic stored externally to the key release request that is to be applied in 
determining whether or not to release the decryption key; 


means for receiving a key release response specifying the decryption key. 



34. (Cancelled) 



35. (Previously presented) A decryptor according to claim 33 further comprising means 
for using the decryption key to decrypt the data ciphertext. 



36. (Original) A decryptor according to claim 33 adapted to make the decryptor 
information available to the key release agent by including the decryptor information in 
the key release request. 

37. (Original) A decryptor according to claim 33 further comprising means for 
decrypting at least a portion of the key release response containing an encrypted version 
of the decryption key using a private key of a second {public key, private key} pair to 
recover the decryption key. 



38. (Previously presented) A key release agent comprising: 

means for receiving from a decryptor a key ciphertext and key related 
information in respect of a key used to encrypt the key ciphertext; 



means for locating decryptor authorization logic stored externally to the 
decryptor with use of the key related information; 

means for obtaining decryptor information in respect of the decryptor; and 

means for deciding based on decryptor information of the decryptor and 
the decryptor authorization logic whether decryption of the key ciphertext is to be 
permitted. 



39. (Original) A key release agent according to claim 38 adapted to receive the decryptor 
information together with the key ciphertext and key related information. 

40. (Previously presented) A key release agent according to claim 38 adapted to use a 
decryptor identifier to lookup decryptor attributes from a repository, the decryptor 
identifier and decryptor attributes together constituting the decryptor information. 

41. (Previously presented) A key release agent according to claim 38 further comprising 

decrypting means for decrypting the key ciphertext; 
encryption means for re-encrypting the key using a public key of a {public 
key, private key} pair to produce a re-encrypted key, the private key of which is available 
to the decryptor; 

means for sending the re-encrypted key to the decryptor. 

42. (Previously presented) A key release agent according to claim 38 further comprising: 

means for applying decryptor authorization logic associated with each 
public key used to encrypt the decryption key to the decryptor information for 
determining whether the decryptor should be permitted access to the decryption key. 
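
The key release flow recited in claims 13, 22 and 29 can be traced in a short program. This is an added illustration, not part of the appeal brief or the application; the class, field and role names are hypothetical, the decryptor information is assumed to be already authenticated, and the toy RSA stands in for a real public-key scheme.

```python
# Toy textbook RSA over fixed Mersenne primes, no padding: a stand-in so the
# flow runs on the standard library alone. Not suitable for real key wrapping.
def make_keypair(p, q, e=65537):
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def rsa_apply(key, value):
    modulus, exponent = key
    return pow(value, exponent, modulus)

class KeyReleaseAgent:
    def __init__(self):
        # key pair identifier -> (private key, authorization rule). The rule is
        # stored here, outside the encryption block and outside the request.
        self.repository = {}

    def register(self, key_id, private_key, rule):
        self.repository[key_id] = (private_key, rule)

    def release(self, request):
        entry = self.repository.get(request["key_id"])
        if entry is None:
            return {"released": False, "reason": "unknown key pair identifier"}
        private_key, rule = entry
        # Assumption: decryptor_info was authenticated before this point
        # (for example taken from a verified certificate).
        if not rule(request["decryptor_info"]):
            return {"released": False, "reason": "authorization logic denied release"}
        data_key = rsa_apply(private_key, request["key_ciphertext"])
        # Re-encrypt under a public key whose private key the decryptor holds.
        rewrapped = rsa_apply(request["decryptor_info"]["public_key"], data_key)
        return {"released": True, "rewrapped_key": rewrapped}

def demo():
    agent_pub, agent_priv = make_keypair(2**61 - 1, 2**89 - 1)
    dec_pub, dec_priv = make_keypair(2**107 - 1, 2**127 - 1)
    agent = KeyReleaseAgent()
    agent.register("kp-1", agent_priv, lambda info: info.get("role") == "auditor")
    data_key = 0x00112233445566778899AABBCCDDEEFF  # constructed sample key
    # Key part of the encryption block: key pair identifier plus key ciphertext.
    block = {"key_id": "kp-1", "key_ciphertext": rsa_apply(agent_pub, data_key)}
    results = {}
    for role in ("auditor", "intern"):
        request = dict(block, decryptor_info={"role": role, "public_key": dec_pub})
        response = agent.release(request)
        recovered = rsa_apply(dec_priv, response["rewrapped_key"]) if response["released"] else None
        results[role] = (response["released"], recovered == data_key)
    return results
```

The encryption block carries no access rule; changing the rule registered at the agent changes who can obtain the key without touching any stored ciphertext.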
Evidence Appendix: 
None. 
Related Proceedings Appendix 

None. 